Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    8a5afac0fe0a5f6c4f3c4b2334690324767a03a9e1d8b770bb34038144730a3e

  • Size

    390KB

  • Sample

    230718-wkgm1adg5t

  • MD5

    f57753ddd286ffc062427b2ccabd95e0

  • SHA1

    5fc871d1136f599429d291100d11a1c725dc3d92

  • SHA256

    8a5afac0fe0a5f6c4f3c4b2334690324767a03a9e1d8b770bb34038144730a3e

  • SHA512

    b1cf8c221f35ec7a26ac96a2a2d96490dc132f6b90ed30c4d74d5d89d0e6f628689fef3a51b835c845021d50c45c0af0470cd47768fdc61a94f3a550530def74

  • SSDEEP

    12288:/Mray90Ys6TwJElJS3B+S1RS0cHnl9BSiR8hQ:Nyg6TNZESbHlN

Malware Config

Extracted

Family

amadey

Version

3.85

C2

77.91.68.3/home/love/index.php

Extracted

Family

redline

Botnet

roma

C2

77.91.68.56:19071

Attributes
  • auth_value

    f099c2cf92834dbc554a94e1456cf576

Targets

    • Target

      8a5afac0fe0a5f6c4f3c4b2334690324767a03a9e1d8b770bb34038144730a3e

    • Size

      390KB

    • MD5

      f57753ddd286ffc062427b2ccabd95e0

    • SHA1

      5fc871d1136f599429d291100d11a1c725dc3d92

    • SHA256

      8a5afac0fe0a5f6c4f3c4b2334690324767a03a9e1d8b770bb34038144730a3e

    • SHA512

      b1cf8c221f35ec7a26ac96a2a2d96490dc132f6b90ed30c4d74d5d89d0e6f628689fef3a51b835c845021d50c45c0af0470cd47768fdc61a94f3a550530def74

    • SSDEEP

      12288:/Mray90Ys6TwJElJS3B+S1RS0cHnl9BSiR8hQ:Nyg6TNZESbHlN

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks